Once I saw DANE I lost interest, DNSSEC is train wreck awful. Do not use.
You're right about expired certificates, but TLS provides actual security too. That's my sense of the cost-benefit trade-off. DNSSEC isn't worth it. CloudFlare could be 100% perfect at operations and still suffer when an ISP screws up DNSSEC on the resolvers. Not so with TLS.
-
Fine with you making your own tradeoffs. However, you state as black and white facts what are really personal prefs. My domain is monitored via proactive alerts well before sig expiry. DANE protects my email. Let's avoid zealous maxims, be right not righteous.
-
But I am right. DNSSEC doesn't actually work and it does cause outages. Don't use it. Get out of here with this righteous nonsense!